/**
 * Display the record list returned by Archive::products(), with per-record
 * SKU counts and the access-group labels the view needs.
 *
 * @return void
 */
public function displayTask()
{
	// Sorting and paging state is remembered per component/controller
	$stateKey = $this->_option . '.' . $this->_controller;

	$this->view->filters = array(
		'sort'     => Request::getState($stateKey . '.sort', 'filter_order', 'title'),
		'sort_Dir' => Request::getState($stateKey . '.sortdir', 'filter_order_Dir', 'ASC'),
		'limit'    => Request::getState($stateKey . '.limit', 'limit', Config::get('list_limit'), 'int'),
		'start'    => Request::getState($stateKey . '.limitstart', 'limitstart', 0, 'int')
	);

	$archive = new Archive();

	// Total first, then the page of records, both using the same filters
	$this->view->total = $archive->products('count', $this->view->filters);
	$this->view->rows  = $archive->products('list', $this->view->filters);

	// Tally active/inactive SKUs for every listed record, keyed by its pId
	$skuTotals = new \stdClass();
	$warehouse = new Warehouse();

	foreach ($this->view->rows as $product)
	{
		$productId = $product->pId;
		$productSkus = $warehouse->getProductSkus($product->pId, 'all', false);

		$tally = new \stdClass();
		$tally->active   = 0;
		$tally->inactive = 0;

		foreach ($productSkus as $sku)
		{
			// sActive is treated as a truthy/falsy flag
			$bucket = $sku->sActive ? 'active' : 'inactive';
			$tally->{$bucket}++;
		}

		$skuTotals->{$productId} = $tally;
	}

	$this->view->skus = $skuTotals;

	// Build the id => label map of access groups; the source of the groups
	// and the label of entry 0 depend on the 'productAccess' setting
	$labels = array();

	if ($this->config->get('productAccess'))
	{
		$groups = \Hubzero\Access\Group::all()->rows();
		$labels[0] = 'None';

		foreach ($groups as $group)
		{
			$labels[$group->get('id')] = $group->get('title');
		}
	}
	else
	{
		$groups = Access::assetgroups();
		$labels[0] = 'All';

		foreach ($groups as $group)
		{
			$labels[$group->value] = $group->text;
		}
	}

	$this->view->ag = $labels;

	// Render
	$this->view
		->set('config', $this->config)
		->display();
}
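/**
 * Debug permissions: list assets and, for each one, the result of every
 * permission check for a single access group.
 *
 * The filters are read from request state and are therefore user-controlled.
 * The ORDER BY column and direction are restricted here before they reach the
 * query builder.
 *
 * NOTE(review): no permission check is visible inside this method; confirm
 * the controller restricts this task to administrators.
 *
 * @return void
 */
public function debugTask()
{
	include_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'debug.php';

	$stateKey = $this->_option . '.' . $this->_controller;

	// Get filters
	$filters = array(
		'search'      => urldecode(Request::getState($stateKey . '.search', 'search', '')),
		'sort'        => Request::getState($stateKey . '.sort', 'filter_order', 'lft'),
		'sort_Dir'    => Request::getState($stateKey . '.sortdir', 'filter_order_Dir', 'ASC'),
		'level_start' => Request::getState($stateKey . '.filter_level_start', 'filter_level_start', 0, 'int'),
		'level_end'   => Request::getState($stateKey . '.filter_level_end', 'filter_level_end', 0, 'int'),
		'component'   => Request::getState($stateKey . '.filter_component', 'filter_component', '')
	);

	// An end level below the start level makes no sense; clamp it
	if ($filters['level_end'] > 0 && $filters['level_end'] < $filters['level_start'])
	{
		$filters['level_end'] = $filters['level_start'];
	}

	$id = Request::getInt('id', 0);

	// Load access group (oneOrFail() is relied on to stop on an unknown id)
	$accessgroup = Accessgroup::oneOrFail($id);

	// Select the required fields from the table.
	$entries = \Hubzero\Access\Asset::all();

	if ($filters['search'])
	{
		$entries->whereLike('name', $filters['search'], 1)
			->orWhereLike('title', $filters['search'], 1)
			->resetDepth();
	}

	if ($filters['level_start'] > 0)
	{
		$entries->where('level', '>=', $filters['level_start']);
	}

	if ($filters['level_end'] > 0)
	{
		$entries->where('level', '<=', $filters['level_end']);
	}

	// Filter the items over the component if set.
	if ($filters['component'])
	{
		$entries->whereEquals('name', $filters['component'], 1)
			->orWhereLike('name', $filters['component'], 1)
			->resetDepth();
	}

	// ORDER BY parts cannot be bound as parameters, so only a plain
	// identifier and a known direction are passed on. Anything else falls
	// back to the defaults used above ('lft', 'ASC').
	// NOTE(review): whether order() quotes its arguments is not visible here.
	$sortColumn = $filters['sort'];
	if (!is_string($sortColumn) || !preg_match('/^[A-Za-z_][A-Za-z0-9_.]*$/', $sortColumn))
	{
		$sortColumn = 'lft';
	}

	$sortDir = is_string($filters['sort_Dir']) ? strtoupper($filters['sort_Dir']) : '';
	if ($sortDir !== 'ASC' && $sortDir !== 'DESC')
	{
		$sortDir = 'ASC';
	}

	$assets = $entries
		->order($sortColumn, $sortDir)
		->paginated()
		->rows();

	$actions = \Components\Members\Helpers\Debug::getActions($filters['component']);

	// Rebuild the collection so every asset carries its check results
	$data = $assets->raw();
	$assets->clear();

	foreach ($data as $key => $asset)
	{
		$checks = array();

		foreach ($actions as $action)
		{
			$name  = $action[0];
			$level = $action[1];

			// Check that we check this action for the level of the asset.
			if ($level === null || $level >= $asset->get('level'))
			{
				// We need to test this action.
				$checks[$name] = \JAccess::checkGroup($id, $name, $asset->get('name'));
			}
			else
			{
				// We ignore this action.
				$checks[$name] = 'skip';
			}
		}

		$asset->set('checks', $checks);

		$assets->push($asset);
	}

	$levels     = \Components\Members\Helpers\Debug::getLevelsOptions();
	$components = \Components\Members\Helpers\Debug::getComponents();

	// Output the HTML
	// NOTE(review): $filters is handed to the view as received; the view is
	// presumably responsible for escaping it on output — confirm.
	$this->view
		->set('group', $accessgroup)
		->set('filters', $filters)
		->set('assets', $assets)
		->set('actions', $actions)
		->set('levels', $levels)
		->set('components', $components)
		->display();
}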
/**
 * Show the edit form for an entry.
 *
 * When no row is handed in, the record is looked up (or created empty) from
 * the 'id' request value; if that value is an array, its element 0 is used.
 *
 * @param   object  $row  Record to edit, or null to load it from the request
 * @return  void
 */
public function editTask($row = null)
{
	Request::setVar('hidemainmenu', 1);

	if (!$row)
	{
		// The id may arrive as a scalar or as an array of ids
		// NOTE(review): the value is passed to oneOrNew() as received, without
		// an integer cast — confirm the model handles non-numeric input.
		$id = Request::getVar('id', array());

		if (is_array($id))
		{
			$id = empty($id) ? 0 : $id[0];
		}

		$row = Viewlevel::oneOrNew($id);
	}

	// The stored rules are JSON; the view receives the decoded value
	$decodedRules = json_decode($row->get('rules'));
	$row->set('rules', $decodedRules);

	$groups = Accessgroup::all()
		->order('lft', 'asc')
		->rows();

	// Render the edit layout
	$this->view
		->set('row', $row)
		->set('groups', $groups)
		->setErrors($this->getErrors())
		->setLayout('edit')
		->display();
}
/**
 * Gets the groups on the branch from the root of the tree down to the given
 * group (the group itself included).
 *
 * A group is on the branch when its lft/rgt interval encloses the interval of
 * the requested group. Results are cached per group id in self::$userGroupPaths.
 *
 * NOTE(review): array_key_exists() assumes self::$userGroups is keyed by
 * group id — confirm how rows() indexes its result.
 *
 * @param   mixed  $groupId  Id of the group whose path is wanted
 * @return  array  Ids of the enclosing groups, in the order the groups were
 *                 loaded (lft ascending); empty when the id is unknown
 */
protected static function getGroupPath($groupId)
{
	// Load all groups once
	if (empty(self::$userGroups))
	{
		self::$userGroups = Group::all()
			->order('lft', 'asc')
			->rows();
	}

	// Unknown group: nothing to report
	if (!array_key_exists($groupId, self::$userGroups))
	{
		return array();
	}

	// Already computed
	if (isset(self::$userGroupPaths[$groupId]))
	{
		return self::$userGroupPaths[$groupId];
	}

	$leaf = self::$userGroups[$groupId];
	$path = array();

	foreach (self::$userGroups as $candidate)
	{
		$startsAtOrBefore = $candidate->get('lft') <= $leaf->get('lft');

		if ($startsAtOrBefore && $candidate->get('rgt') >= $leaf->get('rgt'))
		{
			$path[] = $candidate->get('id');
		}
	}

	self::$userGroupPaths[$groupId] = $path;

	return $path;
}
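/**
 * Serve the file of a purchased, downloadable SKU.
 *
 * Request values: 'task' is the transaction id, 'p0' the SKU id and 'p1' the
 * flag that distinguishes the landing page from the direct download.
 *
 * The download is refused unless the transaction is completed, its cart
 * belongs to the current user and the SKU is part of the transaction. Every
 * request-derived or free-text value is quoted or cast before it is placed
 * in SQL.
 *
 * @return void
 */
public function displayTask()
{
	// Get the transaction ID
	$tId = Request::getInt('task', '');

	// Get the SKU ID (request-controlled, not yet validated)
	$sId = Request::getVar('p0');

	// Get the landing page flag
	$direct = Request::getVar('p1');

	// Check if the transaction is complete and belongs to the user and is active and the SKU requested is valid
	$transaction = Cart::getTransactionFacts($tId);
	$transactionExistingItems = $transaction->items;
	$transaction = $transaction->info;

	// NOTE(review): unserialize() instantiates any class named in the stored
	// value. Only the array keys are used below, so on PHP 7+ passing
	// array('allowed_classes' => false) as second argument would remove that
	// exposure; storing JSON instead would remove it entirely.
	$transactionItems = unserialize($transaction->tiItems);

	$tStatus = $transaction->tStatus;
	$crtId = $transaction->crtId;

	// get cart user
	$cartUser = Cart::getCartUser($crtId);
	$currentUser = $this->juser->id;

	// Error if needed
	if ($tStatus !== 'completed')
	{
		$messages = array(array(Lang::txt('COM_CART_DOWNLOAD_TRANSACTION_NOT_COMPLETED'), 'error'));
		$this->messageTask($messages);
		return;
	}

	// The SKU must be a plain value and one of the keys of the purchased
	// items; a failed unserialize() (false) is treated as "not purchased".
	$skuPurchased = is_scalar($sId)
		&& is_array($transactionItems)
		&& array_key_exists($sId, $transactionItems);

	if ($cartUser != $currentUser || !$skuPurchased)
	{
		$messages = array(array(Lang::txt('COM_CART_DOWNLOAD_NOT_AUTHORIZED'), 'error'));
		$this->messageTask($messages);
		return;
	}

	// Check if the product is valid and downloadable; find the file
	$warehouse = new Warehouse();
	$sku = $warehouse->getSkuInfo($sId);
	$productType = $warehouse->getProductTypeInfo($sku['info']->ptId);
	$downloadFile = $sku['meta']['downloadFile'];

	// Error if needed
	if ($productType['ptName'] != 'Software Download' || empty($downloadFile))
	{
		$messages = array(array(Lang::txt('COM_CART_DOWNLOAD_FILE_NOT_DOWNLOADABLE'), 'error'));
		$this->messageTask($messages);
		return;
	}

	$db = \App::get('db');

	// Values reused in the statements below: the user id is forced to an
	// integer and the SKU id is quoted, so neither can alter the SQL.
	$sqlUserId = (int) $currentUser;
	$sqlSkuId  = $db->quote((string) $sId);

	// Check if there is a limit on how many times the product can be downloaded
	if (isset($sku['meta']['downloadLimit']) && $sku['meta']['downloadLimit'] && is_numeric($sku['meta']['downloadLimit']))
	{
		// Get the number of downloads so far
		$sql = 'SELECT COUNT(`dId`) FROM `#__cart_downloads`'
			. ' WHERE `uId` = ' . $sqlUserId
			. ' AND `sId` = ' . $sqlSkuId
			. ' AND `dStatus` > 0';
		$db->setQuery($sql);
		$downloadsCount = $db->loadResult();

		if ($downloadsCount >= $sku['meta']['downloadLimit'])
		{
			$messages = array(array('Download limit exceeded', 'error'));
			$this->messageTask($messages);
			return;
		}
	}

	// Path and file name
	// NOTE(review): $downloadFile comes from SKU metadata and is appended to
	// the download folder as is; confirm it is validated when the SKU is
	// saved so that it cannot point outside that folder.
	$storefrontConfig = Component::params('com_storefront');
	$dir = $storefrontConfig->get('downloadFolder', '/site/protected/storefront/software');
	$file = PATH_APP . $dir . DS . $downloadFile;

	if (!file_exists($file))
	{
		$messages = array(array(Lang::txt('COM_CART_DOWNLOAD_FILE_NOT_FOUND'), 'error'));
		$this->messageTask($messages);
		return;
	}

	// Without the direct flag only the landing page is shown
	if (!$direct)
	{
		$this->landingTask($tId, $sId);
		return;
	}

	// Log the download
	$sql = 'INSERT INTO `#__cart_downloads` SET'
		. ' `uId` = ' . $sqlUserId . ','
		. ' `sId` = ' . $sqlSkuId . ','
		. ' `dIp` = INET_ATON(' . $db->quote(Request::ip()) . '),'
		. ' `dDownloaded` = NOW()';
	$db->setQuery($sql);
	$db->query();
	$dId = (int) $db->insertid();

	// Save the meta data: the user's access groups, minus the generic ones
	$userGroups = User::getAuthorisedGroups();
	$meta = array();
	$ignoreGroups = array('public', 'registered');

	foreach ($userGroups as $groupId)
	{
		$group = Accessgroup::one($groupId);
		if (!in_array(strtolower($group->get('title')), $ignoreGroups, true))
		{
			$meta[$groupId] = $group->get('title');
		}
	}

	if ($mta = User::getState('metadata'))
	{
		$meta = array_merge($meta, $mta);
	}

	// The serialized value contains group titles and session metadata, i.e.
	// free text: it has to be quoted, not wrapped in literal apostrophes.
	$sql = 'INSERT INTO `#__cart_meta` SET'
		. ' `scope_id` = ' . $dId . ','
		. " `scope` = 'download',"
		. " `mtKey` = 'userInfo',"
		. ' `mtValue` = ' . $db->quote(serialize($meta));
	$db->setQuery($sql);
	$db->query();

	// Figure out if the EULA was accepted
	$itemTransactionInfoMeta = $transactionExistingItems[$sId]['transactionInfo']->tiMeta;
	$eulaAccepted = $itemTransactionInfoMeta
		&& property_exists($itemTransactionInfoMeta, 'eulaAccepted')
		&& $itemTransactionInfoMeta->eulaAccepted;

	if ($eulaAccepted)
	{
		// The stored value is the string form of true, i.e. '1'
		$sql = 'INSERT INTO `#__cart_meta` SET'
			. ' `scope_id` = ' . $dId . ','
			. " `scope` = 'download',"
			. " `mtKey` = 'eulaAccepted',"
			. " `mtValue` = '1'";
		$db->setQuery($sql);
		$db->query();
	}

	// Serve up the file
	$xserver = new \Hubzero\Content\Server();
	$xserver->filename($file);
	$xserver->serve_attachment($file); // Firefox and Chrome fail if served inline
	exit;
}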
/**
 * Save an entry and return to main listing
 *
 * Order of operations: CSRF token check, authorisation check, load the member
 * from the posted 'fields', apply the posted data, fill in defaults for a new
 * account, normalise the name, run the self-block / self-demotion guards,
 * save the record, save profile data, optionally change the password and the
 * shadow (expiry) settings, store the spam count, send the approval e-mail,
 * then either re-display the edit form ('apply') or go back to the listing.
 *
 * On a validation or save failure the method re-displays the edit form with
 * the in-memory record and returns early.
 *
 * @return void
 */
public function saveTask()
{
	// Check for request forgeries
	Request::checkToken();

	// Any ONE of manage / admin / create / edit on this component is enough
	// to pass; the request is aborted with 403 only when all four are denied.
	if (!User::authorise('core.manage', $this->_option)
	 && !User::authorise('core.admin', $this->_option)
	 && !User::authorise('core.create', $this->_option)
	 && !User::authorise('core.edit', $this->_option))
	{
		App::abort(403, Lang::txt('JERROR_ALERTNOAUTHOR'));
	}

	// Incoming profile edits
	$fields = Request::getVar('fields', array(), 'post', 'none', 2);

	// Load the profile
	// NOTE(review): $fields['id'] is read without an isset() check.
	$user = Member::oneOrNew($fields['id']);

	// Get the user before changes so we can
	// compare how data changed later on
	$prev = clone $user;

	// Set the incoming data
	// NOTE(review): every posted key in 'fields' is applied to the record.
	// For a new account 'accessgroups' is overwritten just below; for an
	// existing account no check is visible here that limits which groups the
	// acting user may assign (only the self-demotion guard further down) —
	// confirm the model enforces that.
	$user->set($fields);

	if ($user->isNew())
	{
		// New accounts always start in the configured default group,
		// falling back to the group titled 'Registered'
		$newUsertype = $this->config->get('new_usertype');
		if (!$newUsertype)
		{
			$newUsertype = Accessgroup::oneByTitle('Registered')->get('id');
		}
		$user->set('accessgroups', array($newUsertype));

		// Check that username is filled
		if (!Validate::username($user->get('username')))
		{
			Notify::error(Lang::txt('COM_MEMBERS_MEMBER_USERNAME_INVALID'));
			return $this->editTask($user);
		}

		// Check email is valid
		if (!Validate::email($user->get('email')))
		{
			Notify::error(Lang::txt('COM_MEMBERS_MEMBER_EMAIL_INVALID'));
			return $this->editTask($user);
		}

		// Set home directory
		$hubHomeDir = rtrim($this->config->get('homedir'), '/');
		if (!$hubHomeDir)
		{
			// try to deduce a viable home directory based on sitename or live_site
			// Strip the scheme, keep the part before the first dot, and accept
			// it only if it starts with a letter and is a simple name.
			$sitename = strtolower(Config::get('sitename'));
			$sitename = preg_replace('/^http[s]{0,1}:\\/\\//', '', $sitename, 1);
			$sitename = trim($sitename, '/ ');
			$sitename_e = explode('.', $sitename, 2);
			if (isset($sitename_e[1]))
			{
				$sitename = $sitename_e[0];
			}
			if (!preg_match("/^[a-zA-Z]+[\\-_0-9a-zA-Z\\.]+\$/i", $sitename))
			{
				$sitename = '';
			}
			if (empty($sitename))
			{
				// Same derivation, this time from the request's base URL
				$sitename = strtolower(Request::base());
				$sitename = preg_replace('/^http[s]{0,1}:\\/\\//', '', $sitename, 1);
				$sitename = trim($sitename, '/ ');
				$sitename_e = explode('.', $sitename, 2);
				if (isset($sitename_e[1]))
				{
					$sitename = $sitename_e[0];
				}
				if (!preg_match("/^[a-zA-Z]+[\\-_0-9a-zA-Z\\.]+\$/i", $sitename))
				{
					$sitename = '';
				}
			}

			// Result is /home or /home/<sitename>
			$hubHomeDir = DS . 'home';
			if (!empty($sitename))
			{
				$hubHomeDir .= DS . $sitename;
			}
		}

		// The username has passed Validate::username() above before it is
		// used as a path component here.
		$user->set('homeDirectory', $hubHomeDir . DS . $user->get('username'));
		$user->set('loginShell', '/bin/bash');
		$user->set('ftpShell', '/usr/lib/sftp-server');
		$user->set('registerDate', Date::toSql());
	}

	// Set the new info
	// Name parts are trimmed and runs of whitespace collapsed to one space
	$user->set('givenName', preg_replace('/\\s+/', ' ', trim($fields['givenName'])));
	$user->set('middleName', preg_replace('/\\s+/', ' ', trim($fields['middleName'])));
	$user->set('surname', preg_replace('/\\s+/', ' ', trim($fields['surname'])));

	$name = array($user->get('givenName'), $user->get('middleName'), $user->get('surname'));
	$name = implode(' ', $name);
	$name = preg_replace('/\\s+/', ' ', $name);

	$user->set('name', $name);
	$user->set('modifiedDate', Date::toSql());

	// A non-zero posted 'activation' is stored as is; otherwise a fresh
	// e-mail confirmation code is generated.
	if ($ec = Request::getInt('activation', 0, 'post'))
	{
		$user->set('activation', $ec);
	}
	else
	{
		$user->set('activation', Helpers\Utility::genemailconfirm());
	}

	// Can't block yourself
	if ($user->get('block') && $user->get('id') == User::get('id') && !User::get('block'))
	{
		Notify::error(Lang::txt('COM_USERS_USERS_ERROR_CANNOT_BLOCK_SELF'));
		return $this->editTask($user);
	}

	// Make sure that we are not removing ourself from Super Admin group
	$iAmSuperAdmin = User::authorise('core.admin');

	if ($iAmSuperAdmin && User::get('id') == $user->get('id'))
	{
		// Check that at least one of our new groups is Super Admin
		// NOTE(review): $fields['accessgroups'] is iterated without checking
		// that it was posted and is an array.
		$stillSuperAdmin = false;

		foreach ($fields['accessgroups'] as $group)
		{
			// Once true, the flag stays true; otherwise test this group
			$stillSuperAdmin = $stillSuperAdmin ? $stillSuperAdmin : \JAccess::checkGroup($group, 'core.admin');
		}

		if (!$stillSuperAdmin)
		{
			Notify::error(Lang::txt('COM_USERS_USERS_ERROR_CANNOT_DEMOTE_SELF'));
			return $this->editTask($user);
		}
	}

	// Save the changes
	if (!$user->save())
	{
		Notify::error($user->getError());
		return $this->editTask($user);
	}

	// Save profile data
	$profile = Request::getVar('profile', array(), 'post', 'none', 2);
	$access  = Request::getVar('profileaccess', array(), 'post', 'none', 2);

	foreach ($profile as $key => $data)
	{
		// Drop empty entries from multi-value fields
		if (isset($profile[$key]) && is_array($profile[$key]))
		{
			$profile[$key] = array_filter($profile[$key]);
		}

		// A non-blank "<key>_other" value is merged into "<key>" (appended
		// for multi-value fields, substituted otherwise) and then removed
		if (isset($profile[$key . '_other']) && trim($profile[$key . '_other']))
		{
			if (is_array($profile[$key]))
			{
				$profile[$key][] = $profile[$key . '_other'];
			}
			else
			{
				$profile[$key] = $profile[$key . '_other'];
			}

			unset($profile[$key . '_other']);
		}
	}

	if (!$user->saveProfile($profile, $access))
	{
		Notify::error($user->getError());
		return $this->editTask($user);
	}

	// Do we have a new pass?
	// Note that the submitted password is trimmed before validation and use.
	$newpass = trim(Request::getVar('newpass', '', 'post'));
	if ($newpass)
	{
		// Get password rules and validate
		$password_rules = \Hubzero\Password\Rule::all()
			->whereEquals('enabled', 1)
			->rows();

		$validated = \Hubzero\Password\Rule::verify($newpass, $password_rules, $user->get('id'));

		if (!empty($validated))
		{
			// Set error
			// The record itself has already been saved at this point; only
			// the password change is skipped, and the task is switched to
			// 'apply' so the edit form is shown again.
			Notify::error(Lang::txt('COM_MEMBERS_PASSWORD_DOES_NOT_MEET_REQUIREMENTS'));
			$this->validated = $validated;
			$this->_task = 'apply';
		}
		else
		{
			// Save password
			\Hubzero\User\Password::changePassword($user->get('username'), $newpass);
		}
	}

	$passinfo = \Hubzero\User\Password::getInstance($user->get('id'));

	if (is_object($passinfo))
	{
		// Do we have shadow info to change?
		$shadowMax     = Request::getInt('shadowMax', false, 'post');
		$shadowWarning = Request::getInt('shadowWarning', false, 'post');
		$shadowExpire  = Request::getVar('shadowExpire', '', 'post');

		// && binds tighter than ||: update when a max or warning value was
		// posted, or when a stored expiry exists and the posted one is empty
		if ($shadowMax || $shadowWarning || !is_null($passinfo->get('shadowExpire')) && empty($shadowExpire))
		{
			if ($shadowMax)
			{
				$passinfo->set('shadowMax', $shadowMax);
			}
			if ($shadowExpire || !is_null($passinfo->get('shadowExpire')) && empty($shadowExpire))
			{
				// NOTE(review): neither pattern is anchored, so any posted
				// string that merely contains a date-like or digit substring
				// is accepted; in the second branch the raw posted string is
				// stored unchanged. strtotime() may also return false for an
				// unparsable date. Consider anchoring once the accepted
				// formats are confirmed.
				if (preg_match("/[0-9]{4}-[0-9]{2}-[0-9]{2}/", $shadowExpire))
				{
					// Convert the date to days since the Unix epoch
					$shadowExpire = strtotime($shadowExpire) / 86400;
					$passinfo->set('shadowExpire', $shadowExpire);
				}
				elseif (preg_match("/[0-9]+/", $shadowExpire))
				{
					$passinfo->set('shadowExpire', $shadowExpire);
				}
				elseif (empty($shadowExpire))
				{
					// Empty input clears the stored expiry
					$passinfo->set('shadowExpire', NULL);
				}
			}
			if ($shadowWarning)
			{
				$passinfo->set('shadowWarning', $shadowWarning);
			}

			$passinfo->update();
		}
	}

	// Check for spam count
	// NOTE(review): the posted value is stored without a type cast here.
	$reputation = Request::getVar('spam_count', null, 'post');

	if (!is_null($reputation))
	{
		$user->reputation->set('spam_count', $reputation);
		$user->reputation->save();
	}

	// Email the user that their account has been approved
	// ($prev is the clone taken before the posted data was applied)
	if (!$prev->get('approved') && $this->config->get('useractivation_email'))
	{
		if (!$this->emailApprovedUser($user))
		{
			Notify::error(Lang::txt('COM_MEMBERS_ERROR_EMAIL_FAILED'));
		}
	}

	// Set success message
	Notify::success(Lang::txt('COM_MEMBERS_MEMBER_SAVED'));

	// Drop through to edit form?
	if ($this->getTask() == 'apply')
	{
		return $this->editTask($user);
	}

	// Redirect
	$this->cancelTask();
}